EDIT: nixos/stage-2-init: add systemdFlags option #3105
This makes tons of sense since it's a boot script. 👍
Doesn't docker run containers in a private PID namespace? The systemd manpage suggests you shouldn't use this option:
Well, it does not work if I remove this option, if I run docker in
On Fri, Jun 27, 2014 at 2:55 PM, Eelco Dolstra notifications@github.com
Ok, I've changed this pull request, instead of hardcoding
Actually the point of a container is that you appear to have (almost) all privileges inside the container :-) I don't object to adding
Well, it looks like it works for docker/libcontainer, so I think
That misses the point. Why doesn't the container have its own PID namespace? Doesn't docker support that?
I actually don't know, it looks like it has, but I have no idea why PID is not 1, if I don't set
How is the NixOS stage 2 script invoked? It should be done using "exec", otherwise it will run as PID > 1 (and so will systemd).
I don't know how it's invoked, I guess I will look in libcontainer source code, but will see how much I understand golang.
Yeah, looks like PID is 6, this looks like they run something before init, and looks like I can't simply fix this.
Unless the actual PID 1 cleans up zombies, then the container won't work properly (because that only works when systemd is PID 1).
Ok, I've managed to run systemd as PID 1 in libcontainer, but in that case it freezes without any log output. Do you have any idea?
This is a backtrace from gdb:
EDIT: I also reported this bug upstream to docker, moby/moby#6730
So even if we fix the merge conflict, we'd get little until docker fixes the bug?
@offlinehacker Is this still needed? NixOS runs on Docker without it, right?
No, this is not needed anymore, I've found a hack around, I'm closing this.
Add boot.systemdFlags option to change systemd boot flags.